AWS Step-by-Step

Creating AI Guardrails for Amazon Bedrock, Part 1

• By Brien Posey
• 03/27/2025

By now we have probably all see examples of generative AI going "off the rails." When left completely unchecked, AI engines can occasionally produce output that is questionable -- to put it nicely. As an example, the internet is filled with examples of AI making threats or expressing a deep desire to destroy humanity.

Of course it isn't just generative AI's output that you have to worry about. Criminals are increasingly leveraging AI as a tool for perfecting phishing scams and for planning other types of crimes.

Unfortunately, corporations can suffer financial consequences if the AI interface that its employees are using generates certain types of content or if that AI is misused by employees. Fortunately, AWS makes it easy to place guardrails around Bedrock models.

For those who might not be familiar with Bedrock, it's a platform within AWS for hosting various generative AI models. Amazon maintains an entire catalog of AI models that can work with Bedrock. Currently, AI models are available from 20 different providers and can generate a wide variety of content types.

Before I walk you through the process of creating guardrails for Bedrock, it's important to consider the types of workloads that you run on Amazon Bedrock and what your needs are for placing guardrails around those workloads. It may be that some workloads require really strict guardrails, while others need guardrails that are more permissive. Conversely, you may have a policy within your organization mandating that the same controls are applied to all generative AI workloads. In other words, you will need to consider whether you want to create a single guardrail that can be universally applied or if you are better off creating a series of guardrails.

One more thing that I want to point out before I get started is that guardrails can contain a number of different controls. Some of these controls are highly customizable and others can only be enabled or disabled, with no way to customize them. As such, there is a strong likelihood that once you have created a guardrail, you will have to do some fine tuning before the guardrail will behave in exactly the way that you have intended.

So with that said, let's go ahead and configure a guardrail. To get started, log into the AWS console and open the Amazon Bedrock service. Next, click on the Guardrails tab. As you can see in Figure 1, there are essentially three steps to the process including creating a guardrail, testing the guardrail, and deploying a guardrail. For the purpose of this series, I am going to focus on the guardrail creation process.

To get started, click on the Create Guardrail button, shown in the figure above. This will cause the console to launch a wizard that guides you through the seven step guardrail creation process.

As is typical of AWS, the wizard's first screen asks you to provide a name and an optional description for the guardrail that you are creating. My advice is to enter a detailed description, even if you don't have to, because the description can act as documentation of when and why the guardrail was created and what it is supposed to do. Having this information on hand can be especially useful if you are going to be creating multiple guardrails or if you are subject to compliance audits.

Before you move on, take a look at the lower portion of the screen capture shown above. As you can see, there is a text box containing a message that is displayed in response to a blocked prompt. In other words, if your users attempt to ask the AI a "forbidden question" as defined by the guardrail, the AI will respond by displaying the message that you enter into this box.

You might also notice that the interface contains a checkbox labeled Apply the Same Blocked Message for Responses. This checkbox exists because it is theoretically possible for an AI engine to generate a response that violates the guardrail's rules, even if the prompt itself does not. If you deselect this checkbox then a second text box will appear, thereby allowing you to create one message that you can use as a response to blocked prompts and a different message that is displayed when the response is blocked.

There are a lot more settings that you can configure when creating an AI guardrail in Amazon Bedrock. I will discuss the remaining settings in Part 2.